Cyber Security Controls for Nonprofits
I recently had the pleasure of speaking on the topic of ‘Cyber Security for Nonprofits’ as part of the Merrimack Valley Chamber of Commerce breakfast series. Nonprofits or smaller organizations don’t usually have much of a budget, so I focused my presentation on the best bang for your buck controls to help create a secure environment.
First, it’s imperative to understand the basic security facts and biggest threat to your business. Let’s begin with PICNIC – Problem in Chair, Not in Computer. Almost all security issues begin with human error, not computer malfunctions. Even though your organization can never be 100% secure, it is important to create enough controls and provide security training to make your organization more resilient to security threats.
During this presentation, I discussed the top threats for small to midsize businesses and a few controls that can help minimize security breaches.
- Equipment Failure - Equipment failure is still the number one concern. It is important to frequently check your backup solutions and enforce centralized file storage. Your organization must test backup equipment periodically to make sure that it is running properly.
- Malware - Malware is software that is intended to compromise computer systems and is a top malicious threat for nonprofits. Antivirus solutions can help minimize these malware attacks and there is no excuse for not having this protection. The Logically Managed Security Services team has recommended tools and levels of management.
- Insider Threats - Insider threat is another form of attack that can be an issue for organizations. At nonprofit or smaller organizations, some employees may have access to large amounts of data which could pose a significant threat if these employees leave on bad terms. Organizations should practice password management and activity monitoring.
- Social Engineering - Social engineering is another top threat and certain companies are often targeted for these types of attacks. This type of attack occurs when an email requests employees to take action – action that could put an organization at risk of a breach should they follow through. The best control for this type of attack is security awareness training. This training should be provided frequently to improve the security culture and help your employees become aware of malicious attacks.
These are just a few things your nonprofit organization should be aware of and a few controls to help minimize security breaches. If you feel as though your organization is not where you need to be from a security standpoint, it’s time for a conversation with our Managed Security Services team.